Pass TLS read/write secrets by absl::Span instead of a byte vector.
PiperOrigin-RevId: 445930737
diff --git a/quiche/quic/core/crypto/crypto_utils.cc b/quiche/quic/core/crypto/crypto_utils.cc
index c55689f..9b33b0b 100644
--- a/quiche/quic/core/crypto/crypto_utils.cc
+++ b/quiche/quic/core/crypto/crypto_utils.cc
@@ -55,7 +55,7 @@
// Secret, Label, and Length are passed in as |secret|, |label|, and
// |out_len|, respectively. The resulting expanded secret is returned.
std::vector<uint8_t> HkdfExpandLabel(const EVP_MD* prf,
- const std::vector<uint8_t>& secret,
+ absl::Span<const uint8_t> secret,
const std::string& label, size_t out_len) {
bssl::ScopedCBB quic_hkdf_label;
CBB inner_label;
@@ -115,7 +115,7 @@
}
void CryptoUtils::SetKeyAndIV(const EVP_MD* prf,
- const std::vector<uint8_t>& pp_secret,
+ absl::Span<const uint8_t> pp_secret,
const ParsedQuicVersion& version,
QuicCrypter* crypter) {
std::vector<uint8_t> key =
@@ -130,7 +130,7 @@
}
std::vector<uint8_t> CryptoUtils::GenerateHeaderProtectionKey(
- const EVP_MD* prf, const std::vector<uint8_t>& pp_secret,
+ const EVP_MD* prf, absl::Span<const uint8_t> pp_secret,
const ParsedQuicVersion& version, size_t out_len) {
return HkdfExpandLabel(prf, pp_secret, getLabelForVersion(version, "hp"),
out_len);
diff --git a/quiche/quic/core/crypto/crypto_utils.h b/quiche/quic/core/crypto/crypto_utils.h
index 718f48d..87bf309 100644
--- a/quiche/quic/core/crypto/crypto_utils.h
+++ b/quiche/quic/core/crypto/crypto_utils.h
@@ -91,13 +91,13 @@
// protection key. GenerateHeaderProtectionKey/SetHeaderProtectionKey must be
// called before using |crypter|.
static void SetKeyAndIV(const EVP_MD* prf,
- const std::vector<uint8_t>& pp_secret,
+ absl::Span<const uint8_t> pp_secret,
const ParsedQuicVersion& version,
QuicCrypter* crypter);
// Derives the header protection key from the packet protection secret.
static std::vector<uint8_t> GenerateHeaderProtectionKey(
- const EVP_MD* prf, const std::vector<uint8_t>& pp_secret,
+ const EVP_MD* prf, absl::Span<const uint8_t> pp_secret,
const ParsedQuicVersion& version, size_t out_len);
// Given a secret for key phase n, return the secret for phase n+1.
diff --git a/quiche/quic/core/crypto/tls_connection.cc b/quiche/quic/core/crypto/tls_connection.cc
index 61e4c23..1b54b14 100644
--- a/quiche/quic/core/crypto/tls_connection.cc
+++ b/quiche/quic/core/crypto/tls_connection.cc
@@ -158,12 +158,9 @@
const SSL_CIPHER* cipher,
const uint8_t* secret,
size_t secret_length) {
- // TODO(nharper): replace this vector with a span (which unfortunately doesn't
- // yet exist in quic/platform/api).
- std::vector<uint8_t> secret_vec(secret, secret + secret_length);
TlsConnection::Delegate* delegate = ConnectionFromSsl(ssl)->delegate_;
if (!delegate->SetReadSecret(QuicEncryptionLevel(level), cipher,
- secret_vec)) {
+ absl::MakeSpan(secret, secret_length))) {
return 0;
}
return 1;
@@ -175,11 +172,9 @@
const SSL_CIPHER* cipher,
const uint8_t* secret,
size_t secret_length) {
- // TODO(nharper): replace this vector with a span (which unfortunately doesn't
- // yet exist in quic/platform/api).
- std::vector<uint8_t> secret_vec(secret, secret + secret_length);
TlsConnection::Delegate* delegate = ConnectionFromSsl(ssl)->delegate_;
- delegate->SetWriteSecret(QuicEncryptionLevel(level), cipher, secret_vec);
+ delegate->SetWriteSecret(QuicEncryptionLevel(level), cipher,
+ absl::MakeSpan(secret, secret_length));
return 1;
}
diff --git a/quiche/quic/core/crypto/tls_connection.h b/quiche/quic/core/crypto/tls_connection.h
index a4887e8..5c4e8b8 100644
--- a/quiche/quic/core/crypto/tls_connection.h
+++ b/quiche/quic/core/crypto/tls_connection.h
@@ -47,7 +47,7 @@
// traffic secrets and application traffic secrets. The provided write
// secret must be used with the provided cipher suite |cipher|.
virtual void SetWriteSecret(EncryptionLevel level, const SSL_CIPHER* cipher,
- const std::vector<uint8_t>& write_secret) = 0;
+ absl::Span<const uint8_t> write_secret) = 0;
// SetReadSecret is similar to SetWriteSecret, except that it is used for
// decrypting messages. SetReadSecret at a particular level is always called
@@ -55,7 +55,7 @@
// where the EncryptionLevel for SetWriteSecret is
// ENCRYPTION_FORWARD_SECURE.
virtual bool SetReadSecret(EncryptionLevel level, const SSL_CIPHER* cipher,
- const std::vector<uint8_t>& read_secret) = 0;
+ absl::Span<const uint8_t> read_secret) = 0;
// WriteMessage is called when there is |data| from the TLS stack ready for
// the QUIC stack to write in a crypto frame. The data must be transmitted
diff --git a/quiche/quic/core/tls_client_handshaker.cc b/quiche/quic/core/tls_client_handshaker.cc
index dbe7234..7460263 100644
--- a/quiche/quic/core/tls_client_handshaker.cc
+++ b/quiche/quic/core/tls_client_handshaker.cc
@@ -429,7 +429,7 @@
void TlsClientHandshaker::SetWriteSecret(
EncryptionLevel level, const SSL_CIPHER* cipher,
- const std::vector<uint8_t>& write_secret) {
+ absl::Span<const uint8_t> write_secret) {
if (is_connection_closed()) {
return;
}
diff --git a/quiche/quic/core/tls_client_handshaker.h b/quiche/quic/core/tls_client_handshaker.h
index d3c6312..21b6033 100644
--- a/quiche/quic/core/tls_client_handshaker.h
+++ b/quiche/quic/core/tls_client_handshaker.h
@@ -72,7 +72,7 @@
void OnHandshakeDoneReceived() override;
void OnNewTokenReceived(absl::string_view token) override;
void SetWriteSecret(EncryptionLevel level, const SSL_CIPHER* cipher,
- const std::vector<uint8_t>& write_secret) override;
+ absl::Span<const uint8_t> write_secret) override;
// Override to drop initial keys if trying to write ENCRYPTION_HANDSHAKE data.
void WriteMessage(EncryptionLevel level, absl::string_view data) override;
diff --git a/quiche/quic/core/tls_handshaker.cc b/quiche/quic/core/tls_handshaker.cc
index 6f4f4ff..15b4d4f 100644
--- a/quiche/quic/core/tls_handshaker.cc
+++ b/quiche/quic/core/tls_handshaker.cc
@@ -235,7 +235,7 @@
void TlsHandshaker::SetWriteSecret(EncryptionLevel level,
const SSL_CIPHER* cipher,
- const std::vector<uint8_t>& write_secret) {
+ absl::Span<const uint8_t> write_secret) {
QUIC_DVLOG(1) << ENDPOINT << "SetWriteSecret level=" << level;
std::unique_ptr<QuicEncrypter> encrypter =
QuicEncrypter::CreateFromCipherSuite(SSL_CIPHER_get_id(cipher));
@@ -252,7 +252,7 @@
header_protection_key.size()));
if (level == ENCRYPTION_FORWARD_SECURE) {
QUICHE_DCHECK(latest_write_secret_.empty());
- latest_write_secret_ = write_secret;
+ latest_write_secret_.assign(write_secret.begin(), write_secret.end());
one_rtt_write_header_protection_key_ = header_protection_key;
}
handshaker_delegate_->OnNewEncryptionKeyAvailable(level,
@@ -261,7 +261,7 @@
bool TlsHandshaker::SetReadSecret(EncryptionLevel level,
const SSL_CIPHER* cipher,
- const std::vector<uint8_t>& read_secret) {
+ absl::Span<const uint8_t> read_secret) {
QUIC_DVLOG(1) << ENDPOINT << "SetReadSecret level=" << level;
std::unique_ptr<QuicDecrypter> decrypter =
QuicDecrypter::CreateFromCipherSuite(SSL_CIPHER_get_id(cipher));
@@ -278,7 +278,7 @@
header_protection_key.size()));
if (level == ENCRYPTION_FORWARD_SECURE) {
QUICHE_DCHECK(latest_read_secret_.empty());
- latest_read_secret_ = read_secret;
+ latest_read_secret_.assign(read_secret.begin(), read_secret.end());
one_rtt_read_header_protection_key_ = header_protection_key;
}
return handshaker_delegate_->OnNewDecryptionKeyAvailable(
diff --git a/quiche/quic/core/tls_handshaker.h b/quiche/quic/core/tls_handshaker.h
index ddd44c6..d2e0ee4 100644
--- a/quiche/quic/core/tls_handshaker.h
+++ b/quiche/quic/core/tls_handshaker.h
@@ -138,14 +138,14 @@
// traffic secrets and application traffic secrets. The provided write secret
// must be used with the provided cipher suite |cipher|.
void SetWriteSecret(EncryptionLevel level, const SSL_CIPHER* cipher,
- const std::vector<uint8_t>& write_secret) override;
+ absl::Span<const uint8_t> write_secret) override;
// SetReadSecret is similar to SetWriteSecret, except that it is used for
// decrypting messages. SetReadSecret at a particular level is always called
// after SetWriteSecret for that level, except for ENCRYPTION_ZERO_RTT, where
// the EncryptionLevel for SetWriteSecret is ENCRYPTION_FORWARD_SECURE.
bool SetReadSecret(EncryptionLevel level, const SSL_CIPHER* cipher,
- const std::vector<uint8_t>& read_secret) override;
+ absl::Span<const uint8_t> read_secret) override;
// WriteMessage is called when there is |data| from the TLS stack ready for
// the QUIC stack to write in a crypto frame. The data must be transmitted at
diff --git a/quiche/quic/core/tls_server_handshaker.cc b/quiche/quic/core/tls_server_handshaker.cc
index 3d9be2a..58ea409 100644
--- a/quiche/quic/core/tls_server_handshaker.cc
+++ b/quiche/quic/core/tls_server_handshaker.cc
@@ -556,7 +556,7 @@
void TlsServerHandshaker::SetWriteSecret(
EncryptionLevel level, const SSL_CIPHER* cipher,
- const std::vector<uint8_t>& write_secret) {
+ absl::Span<const uint8_t> write_secret) {
if (is_connection_closed()) {
return;
}
diff --git a/quiche/quic/core/tls_server_handshaker.h b/quiche/quic/core/tls_server_handshaker.h
index fde73c6..fa5ca75 100644
--- a/quiche/quic/core/tls_server_handshaker.h
+++ b/quiche/quic/core/tls_server_handshaker.h
@@ -89,7 +89,7 @@
override;
std::unique_ptr<QuicEncrypter> CreateCurrentOneRttEncrypter() override;
void SetWriteSecret(EncryptionLevel level, const SSL_CIPHER* cipher,
- const std::vector<uint8_t>& write_secret) override;
+ absl::Span<const uint8_t> write_secret) override;
// Called with normalized SNI hostname as |hostname|. Return value will be
// sent in an ACCEPT_CH frame in the TLS ALPS extension, unless empty.
